I changed the headline of this blog to reflect my personal observations in talking with hundreds of business associates (BAs). BA security is bad because most BAs don't know the requirements let alone how to meet them. CE security is bad because a lot of CEs are blase bout HIPAA or rely on outdated views of the requirements.
BA Security Is Probably a Lot Worse Than You Think
Tally of Health Data Breaches Apparently Undercounts Incidents Involving BAs
Marianne Kolbasuk McGee (HealthInfoSec) • May 13, 2016